public override async Task <GrantApplicationReply> GrantApplication(GrantApplicationRequest request, ServerCallContext context)
{
AppUser currentUser = await _userManager.GetUserAsync(context.GetHttpContext().User);
OIDCAppSettings settings = await _authDbContext.OIDCAppSettings
.Where(u => u.ClientId == request.AppId)
// FIXME: add this condition
// .Where(u => u.RedirectUrl == request.RedirectUri)
.Where(u => u.AuthApp.UserGroups.Any(u => u.Members.Contains(currentUser)))
.SingleAsync();
OIDCSession session = new OIDCSession
{
CreationTime = SystemClock.Instance.GetCurrentInstant(),
OIDCAppSettings = settings,
User = currentUser,
Nonce = request.Nonce,
};
_authDbContext.Add(session);
await _authDbContext.SaveChangesAsync();
// TODO: encrypt this
string accessToken = session.Id.ToString();
return(new GrantApplicationReply
{
Success = true,
AccessToken = accessToken,
});
}
public override async Task <AddNewAppReply> AddNewApp(AddNewAppRequest request, ServerCallContext context)
{
AuthApp app = new AuthApp
{
Name = request.Name,
Url = request.Url,
Description = request.Description,
};
_authDbContext.Add(app);
switch (request.HostingType)
{
case HostingType.NonWeb:
app.HostingType = AuthApp.HostingTypeEnum.NON_WEB;
break;
case HostingType.WebGatekeeperProxy:
app.HostingType = AuthApp.HostingTypeEnum.WEB_GATEKEEPER_PROXY;
break;
case HostingType.WebGeneric:
app.HostingType = AuthApp.HostingTypeEnum.WEB_GENERIC;
break;
default:
throw new NotImplementedException("Auth mode is not implemented");
}
switch (request.DirectoryChoice)
{
case AddNewAppRequest.Types.DirectoryChoice.NoneDirectory:
app.DirectoryMethod = AuthApp.DirectoryMethodEnum.NONE;
break;
case AddNewAppRequest.Types.DirectoryChoice.LdapDirectory:
app.DirectoryMethod = AuthApp.DirectoryMethodEnum.LDAP;
break;
case AddNewAppRequest.Types.DirectoryChoice.ScimDirectory:
app.DirectoryMethod = AuthApp.DirectoryMethodEnum.SCIM;
break;
}
switch (request.AuthChoice)
{
case AddNewAppRequest.Types.AuthChoice.LdapAuth:
app.AuthMethod = AuthApp.AuthMethodEnum.LDAP;
break;
case AddNewAppRequest.Types.AuthChoice.OidcAuth:
app.AuthMethod = AuthApp.AuthMethodEnum.OIDC;
break;
}
if (app.AuthMethod == AuthApp.AuthMethodEnum.LDAP || app.DirectoryMethod == AuthApp.DirectoryMethodEnum.LDAP)
{
string assembledBaseDn = "dc=" + app.Id;
string bindUserPassword = _ldapSettingsDataProtector.Protect(_secureRandom.GetRandomString(16));
string bindUser = "******" + assembledBaseDn;
LdapAppSettings ldapAppSettings = new LdapAppSettings
{
AuthApp = app,
UseForAuthentication = (app.AuthMethod == AuthApp.AuthMethodEnum.LDAP),
UseForIdentity = (app.DirectoryMethod == AuthApp.DirectoryMethodEnum.LDAP),
BaseDn = assembledBaseDn,
BindUser = bindUser,
BindUserPassword = bindUserPassword,
};
_authDbContext.Add(ldapAppSettings);
app.LdapAppSettings = ldapAppSettings;
}
if (app.HostingType == AuthApp.HostingTypeEnum.WEB_GATEKEEPER_PROXY)
{
ProxyAppSettings proxyAppSettings = new ProxyAppSettings
{
AuthApp = app,
InternalHostname = request.ProxySetting.InternalHostname,
PublicHostname = request.ProxySetting.PublicHostname,
};
_authDbContext.Add(proxyAppSettings);
app.ProxyAppSettings = proxyAppSettings;
_configurationProvider.TryGet("tls.acme.support", out string isAcmeSupported);
if (isAcmeSupported == "true")
{
// FIXME: Passing an empty email is a hack here. The email is already passed in InstallService. Could be refactored.
BackgroundJob.Enqueue <IRequestAcmeCertificateJob>(job => job.Request("", request.ProxySetting.PublicHostname));
}
}
if (app.AuthMethod == AuthApp.AuthMethodEnum.OIDC)
{
OIDCAppSettings oidcAppSettings = new OIDCAppSettings
{
RedirectUrl = request.OidcSetting.RedirectUri,
AuthApp = app,
ClientId = Guid.NewGuid().ToString(),
ClientSecret = _secureRandom.GetRandomString(32),
Audience = "FIX_ME",
};
_authDbContext.Add(oidcAppSettings);
app.OidcAppSettings = oidcAppSettings;
}
if (app.DirectoryMethod == AuthApp.DirectoryMethodEnum.SCIM)
{
SCIMAppSettings scimAppSettings = new SCIMAppSettings
{
AuthApp = app,
Endpoint = request.ScimSetting.Endpoint,
Credentials = request.ScimSetting.Credentials,
};
_authDbContext.Add(scimAppSettings);
app.ScimAppSettings = scimAppSettings;
}
foreach (string groupId in request.GroupIds)
{
Guid groupIdGuid = new Guid(groupId);
UserGroup group = await _authDbContext.UserGroup
.Include(g => g.AuthApps)
.SingleAsync(g => g.Id == groupIdGuid);
group.AuthApps.Add(app);
}
await _authDbContext.SaveChangesAsync();
// fixme: this should be done outside a service
await _memoryPopulator.PopulateFromDatabase();
return(new AddNewAppReply
{
Success = true,
});
}
